Folks,
We are happy to be included in the top 5 most promising bug bounty programs of 2021 by The Hacker News:
https://thehackernews.com/2021/02/top-5-bug-bounty-programs-to-watch-in.html
The recognition, however, comes with responsibility – an inalienable part of our project. In recent days we have received several complaints about automated submissions of irrelevant findings such as WordPress XMLRPC file existence. The value of such submissions for website owners is at least questionable.
Therefore, as of today, all CWE-200 submissions without practical value – including phpinfo pages – will be rejected and deleted. You may still submit them within the scope of the running bug bounty programs – if the website owner expressly marked that s/he wishes to get such submissions.
We also remind you that the purpose of our project is the quality of the submissions, not their quantity. All usage of automated tools will lead to account suspension – let’s bring value to the website owners and suitably support their efforts to secure their websites!
Would be better if you’d just ban the folks causing problems instead of limiting submissions from the people who are not.
I agree with you, xmlrpc is a real vulnerability that, for me, must be sent to the managers of websites.
It can still lead to the downfall of the website server!